Skip to main content
Skyhigh Security

About File Opening

File opening is performed on Web Gateway to make files available for inspection and filtering that cannot immediately be accessed, for example, because they are compressed or nested in an archive.

The component that handles file opening on Web Gateway is known as the Composite Opener. This opener is capable of extracting compressed content, opening archives, and making other multipart files available for inspection and filtering.

The opener provides these functions depending on the file formats that it supports.

The Composite Opener also detects for various formats whether a file is protected by a password or otherwise encrypted. It cannot open these files, but based on the categorization as encrypted, you can handle them through rules. For example, you can block files that the Composite Opener detects as encrypted.

Corrupted archives are also detected. They cannot be opened, but you can likewise handle them through rules.

File opening process

The Composite Opener is enabled by the following rule, which is included in the Enable Opener rule set. This rule set is a default rule set that is nested in the Common Rules rule set.

The rule itself is also by default enabled.

Name
Enable Composite Opener
Criteria                         Action                 Event
Always                           Continue Enable        Composite Opener <Default>

Other rules are provided in the Common Rules rule set, which you can enable to block files that have been detected as archives or other types of multipart files or as encrypted or corrupted.

You can configure the Composite Opener settings to set a limit to the number of levels that nesting can include within an archive. When this limit is exceeded, no file opening is performed.

A size limit can also be set to the amount of uncompressed data that the Composite Opener extracts, as well as to the compression ratio that is accepted.

Extracting metadata

Files usually have metadata associated with them in addition to the ordinary data that they contain. The two types of data can be organized in a complex structure. The Composite Opener also works on structures of this kind and makes the complete data available for further inspection.

Metadata mainly provides information on the properties of a file. In addition to standard properties with default values, some file formats allow users to configure customized properties.

After extracting both default and customized metadata, the Composite Opener makes them available in a text format that can be utilized by the Body.Text property within another rule on Web Gateway.

The rule can then be used to form a part of, for example, Data Loss Prevention (DLP) filtering.

  • Was this article helpful?